MFPA wrote: >> In each of these cases, John Doe made the mistake of thinking that >> he could keep his personal information in his key, and that he could >> keep his key off the keyservers. If John were to make the wisest >> decision about keeping his personal informaton secret, wouldn't he >> choose to not include this information in a key that is probable to >> end up in a public venue? > > > You are assuming he realised it was probable. The benefit of hindsight > will presumably lead him to proceed differently in future. Initially, > John may not have even known he *could* create a useable key without > his valid email address. He might have been used to trusting his those > in his closed circle. He might not have experienced or considered how > easy it was to make mistakes resulting in inadvertent key upload. He > may have read about the "keyserver-no-modify" flag and assumed the > feature would actually protect his key from accidental or malicious > publication.
I am assuming that a person inhabited with the desire to protect his personal information would analyze the safety of using a UID with the information that he wants to protect. A person worried about the disclosure of his personal information is unlikely to say, "Huh. I guess I don't have an option concerning my privacy." I am also assuming that the user has intelligence and judgment. If the user is stupid and foolish, nothing can save him. By saying that he must have intelligence and judgment, I mean that he must be able to realize that he needs to be competent in the tool that he is using. How could a person of judgment believe that he could have the minimum knowledge of how to use cryptography and his OpenPGP tool, and believe that he will successfully protect his privacy? The person concerned with the releasing of his personal information might make the mistakes that you have said. But the kind of person that you are talking about has minimal knowledge in OpenPGP and the tools to implement it and has less than adequate reasoning. I have been naive before. But I didn't begin using GnuPGP while I was still naive about it. I studied how cryptography and OpenPGP worked, how to use gpg, and how to use it with e-mail and files. I won't claim that I am better or more knowledgeable than some of the other smart people on this mailing list, but I will say that I am smart enough to teach others how it works. Actually, it was my goal to understand the concepts and the tools well enough to teach others. You don't have to have the most understanding in order to teach others, but you do have to have /enough/ understanding in what you want to teach in order to teach others. Naivety in how to protect your privacy leads to having no privacy. Take for example how it is that many young people share the intimate details of their lives on social networks, chat rooms, et cetera. They are naive and *foolish*. While training these kids on how to protect their privacy could lead to many of them abandoning such unsafe practices, this doesn't mean that someone who already wants privacy would think that those same unsafe practices were safe. That is what I was saying in the previous posting. Someone who desires privacy will do what it takes to get it. That includes dispelling his naivety with knowledge. As for the person not realizing how easy it would be to accidentally upload a public key to a keyserver, I was never that naive. I was aware of it from the beginning. My key wasn't on the keyservers, initially (I chose to upload it later). But I knew that if I was careless it could wind up there. Maybe it is that I am an above average user. Maybe. Maybe it is just that I exercised judgment. Maybe I expect others to do the same. -Paul -- "You are free to rip me off. Just remember to credit me." --self PGP Key ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
